How do I grab events for all applications? An example system-wide hook

System-wide hooks are a way to capture events for all applications
running on the system. Rather than spend hours duplicating someone
else's excellent job, I suggest you read Kyle Marsh's primer on the
subject, titled "Win32 Hooks", which forms part of the MSDN
library.

If you want to play around with hooks, I have supplied a simple
skeletal keyboard hook, which will detect the user pressing the F2
key and send a message to the installing application, no matter who
has the foreground*. The code shown here can be downloaded via the
link at the bottom of this page. The code zip includes all source
for both the hook and the associated test harness application. I
don't include project files or a makefile, since I don't know what
compiler you'll be using. The sample was compiled and tested using
VC7.

Note: there is a section declared as shared in the DEF file:

SECTIONS .SHARHOO READ WRITE SHARED

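The hook DLL is loaded into every process it hooks, so I keep some
stuff shared across all instances of the hook (hence the section).
Note that shared items must be initialised; otherwise the compiler
does not place them in the shared section.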

Fairly obviously, you can remove the calls to debugging code
as you get confident with your modified version.

* Note that NT6+ (Vista and above) introduces the concept of
integrity levels. There are four of these: low, medium, high and
system. One important point about integrity levels is that a process
running at integrity level N cannot hook processes running at
any integrity level greater than N. Hence hooks can no longer be guaranteed
to work. However, they're still powerful enough to be useful, provided
you don't expect to get away with hooking something like an elevated
installer process :)
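
When the hook stays silent in one particular application, the integrity-level rule in the footnote is the first thing to rule out. The following is an added example, not part of the original page or its download: it reads the integrity level of the current process and of a target PID through the documented token APIs and reports whether a hook installed from here can reach that target. The names il_name, hook_can_reach and process_il are invented for this example, and the 256-byte buffer size is an assumption.

```c
#include <stdio.h>
#include <stdlib.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Mandatory-label RIDs, same values as SECURITY_MANDATORY_*_RID in winnt.h. */
enum { IL_LOW = 0x1000, IL_MEDIUM = 0x2000, IL_HIGH = 0x3000, IL_SYSTEM = 0x4000 };

/* Name the band a RID falls in; in-between values such as 0x2100 round down. */
const char *il_name(unsigned long rid) {
    return rid >= IL_SYSTEM ? "system" : rid >= IL_HIGH ? "high"
         : rid >= IL_MEDIUM ? "medium" : rid >= IL_LOW ? "low" : "below low";
}

/* Footnote rule: a hook installed at level N does not reach levels above N. */
int hook_can_reach(unsigned long installer_rid, unsigned long target_rid) { return target_rid <= installer_rid; }

#ifdef _WIN32
/* Integrity RID of process `pid`, or -1 if it cannot be queried. */
long process_il(DWORD pid) {
    union { TOKEN_MANDATORY_LABEL tml; BYTE raw[256]; } buf; /* assumed room for label + SID */
    HANDLE proc, tok;
    DWORD len = 0; long rid = -1;
    if (!(proc = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, pid))) return -1;
    if (OpenProcessToken(proc, TOKEN_QUERY, &tok)) {
        if (GetTokenInformation(tok, TokenIntegrityLevel, &buf, sizeof buf, &len)) {
            PSID sid = buf.tml.Label.Sid;   /* last sub-authority is the integrity RID */
            rid = (long)*GetSidSubAuthority(sid, *GetSidSubAuthorityCount(sid) - 1);
        }
        CloseHandle(tok);
    }
    CloseHandle(proc);
    return rid;
}
#endif

int main(int argc, char **argv) {
    long me = IL_MEDIUM, them = IL_HIGH;   /* constructed sample: medium vs elevated */
    (void)argc; (void)argv;
#ifdef _WIN32
    me = process_il(GetCurrentProcessId());
    them = argc > 1 ? process_il(strtoul(argv[1], NULL, 10)) : -1;
    if (me < 0 || them < 0) { puts("usage: ilcheck <pid> (query may be denied)"); return 1; }
#endif
    printf("installer=%s target=%s: hook %s\n", il_name(me), il_name(them),
           hook_can_reach(me, them) ? "can reach target" : "is blocked by integrity level");
    return 0;
}
```

Off Windows the program only exercises the comparison on the constructed sample values; the token query is compiled in on Windows alone.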